From: Todd Veillette (tveillette@xxxxxxxx)
Date: Thu Aug 23 2001 - 20:42:36 GMT-3
Annu,
I have them running in production. I have upgraded IOS, memory, and
interfaces. I am currently running 5.1 with 2 dmz's and stateful
failover (you need one interface just for that). The older versions
needed crossovers, and ip's, different security. This version does not.
But as you said, you must shutdown the unused interfaces.
Also I do not run ACL's as my config is over 5 pages when inputted into
word, so conduits work just fine.
-Todd
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Annu
Sent: Thursday, August 23, 2001 10:12 AM
To: Michael Davis; John Kaberna; Asim Khan; Scott M. Trieste; bravo;
ccielab@groupstudy.com
Subject: Re: PIX 515 configuration problem !! Help ME!
Group,
What u say is right that there's some problems in
failover configurations if the unused interfaces are
not cabled together. Even if they are not in use
apparently they need a crossover cable connected
to each other. Also IP addresses must be allocated
to the interfaces and they should have different
security values associated with it. Any two interface
cant have same security value when in use (even
otherwise as I remember !)
Also when I was in Networkers this year at Chicago the
security expert there was mentioning that with 6.0(1)
we wont need to it. He also mentioned some ver and
above ( sorry I don't remember it !) its not needed.
(He also said its better to keep the interfaces shut
down) .We are implementing it right now and will post
info about his once we do it.
=====
Thanks in advance for ur time and replies.
Annu.
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:57 GMT-3